And yet, insider threats represent only a fraction of all attacks--just 4%, according to Verizon's 2012 Data Breach Investigations Report. So why the fuss? Because insiders have access to critical company information, and there are dozens of ways for them to steal it. And these attacks can have significant impact. Last year, a Bank of America employee sent account information on hundreds of customers to identity thieves, who used the information to steal money from those accounts. Losses totaled $10 million, not to mention the public relations fallout from the incident.
The threat insiders pose is compounded by the fact that IT tends to focus on securing the perimeter of the network from external attacks and pays little attention to malicious activity inside the network. The increasing mobility of corporate data and devices is making it even easier for insiders to steal data. Clearly, it's time companies rethink their security strategies to cover both the malicious hackers and Bob in cubicle 3B.
Insider threats can be either intentional or accidental, and you often can use one set of controls to mitigate both of these. You'll want to target three layers to address the insider threat: the network; the host device; and the people who generate, manipulate, and move data from one place to another.
At the network layer, controls must be capable of analyzing network traffic to detect and, when possible, prevent the transmission of sensitive data. Host-based protections include anti-malware, encryption, change management, and other security controls. The most difficult element of defense is the human factor--implementing policies and training to educate employees on proper handling of sensitive data. Here are steps you can take to secure all three layers.
Put an end to insider theft and accidental data disclosure with network and host controls--and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone's concern, and lessons learned from the Global Payments breach. (Free registration required.)